CVE-2024-7333
📋 TL;DR
A critical buffer overflow vulnerability in TOTOLINK N350RT routers allows remote attackers to execute arbitrary code by manipulating time parameters in the parental control rules function. This affects all users of the vulnerable firmware version, potentially giving attackers full control of the router. The vulnerability is remotely exploitable without authentication.
💻 Affected Systems
- TOTOLINK N350RT
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the router leading to persistent backdoor installation, network traffic interception, credential theft, and pivoting to internal network devices.
Likely Case
Remote code execution allowing attackers to modify router settings, intercept traffic, or use the router as part of a botnet.
If Mitigated
Limited impact if the router is behind a firewall with strict inbound rules, though internal network compromise remains possible.
🎯 Exploit Status
Public exploit code is available on GitHub. The vulnerability requires no authentication and has a straightforward exploitation path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: Yes
Instructions:
No official patch is available. Contact TOTOLINK support for firmware updates. If an update becomes available, download it from official sources, back up the configuration, upload the firmware via the web interface, and factory reset after the update.
🔧 Temporary Workarounds
Disable Remote Management
Prevent external access to the vulnerable web interface
Access router web interface > Advanced > Remote Management > Disable
Restrict Web Interface Access
Limit access to router management interface to trusted IPs only
Access router web interface > Advanced > Firewall > Add rule to block port 80/443 from WAN
🧯 If You Can't Patch
- Replace the router with a different model from a vendor with active security support
- Place router behind a firewall that blocks all inbound traffic to port 80/443
🔍 How to Verify
Check if Vulnerable:
Check firmware version in router web interface: Login > System > Firmware Upgrade. If version is 9.3.5u.6139_B20201216, device is vulnerable.
Check Version:
curl -s http://router-ip/cgi-bin/cstecgi.cgi | grep -i version
Verify Fix Applied:
Verify firmware version has changed from 9.3.5u.6139_B20201216 to a newer version. Test the vulnerable endpoint with safe payloads.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /cgi-bin/cstecgi.cgi with setParentalRules parameter
- Large payloads in week/sTime/eTime parameters
- Multiple failed buffer overflow attempts
Network Indicators:
- Unusual traffic patterns from router to external IPs
- Exploit kit signatures targeting TOTOLINK routers
- Port scanning originating from router
SIEM Query:
source="router_logs" AND uri="/cgi-bin/cstecgi.cgi" AND (param="setParentalRules" OR param="week" OR param="sTime" OR param="eTime")
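
The log indicators above can also be checked offline. The following is an added example, not part of the original advisory or any vendor tooling: it flags POST requests to /cgi-bin/cstecgi.cgi that invoke setParentalRules with oversized or oddly shaped week/sTime/eTime values. The record layout (method, uri, body), the length ceiling, the allowed-character pattern and the sample records are assumptions made for the example.

```python
import json
import re
from urllib.parse import parse_qsl

ENDPOINT = "/cgi-bin/cstecgi.cgi"
ACTION = "setParentalRules"
TIME_FIELDS = ("week", "sTime", "eTime")
MAX_LEN = 16                       # assumed ceiling for a legitimate value; tune it
ALLOWED = re.compile(r"[0-9:,]*")  # assumed shape of schedule values (digits, ':' and ',')

def parse_body(body):
    """Return the fields of a JSON or form-encoded body as a str->str dict."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return {str(k): str(v) for k, v in data.items()}
    except ValueError:
        pass
    return dict(parse_qsl(body, keep_blank_values=True))

def inspect(record):
    """Return findings for one logged request (dict with method, uri, body keys)."""
    if record.get("method") != "POST" or not record.get("uri", "").startswith(ENDPOINT):
        return []
    fields = parse_body(record.get("body", ""))
    if ACTION not in fields and ACTION not in fields.values():
        return []
    findings = []
    for name in TIME_FIELDS:
        value = fields.get(name, "")
        if len(value) > MAX_LEN:
            findings.append(f"{name}: {len(value)} chars exceeds {MAX_LEN}")
        elif not ALLOWED.fullmatch(value):
            findings.append(f"{name}: unexpected characters")
    return findings

# Constructed sample records; the "topicurl" key and the source addresses are assumptions.
SAMPLE_LOG = [
    {"src": "192.0.2.10", "method": "POST", "uri": ENDPOINT,
     "body": '{"topicurl": "setParentalRules", "week": "1,2,3", "sTime": "08:00", "eTime": "17:30"}'},
    {"src": "198.51.100.7", "method": "POST", "uri": ENDPOINT,
     "body": json.dumps({"topicurl": ACTION, "week": "1", "sTime": "A" * 600, "eTime": "17:30"})},
    {"src": "192.0.2.10", "method": "POST", "uri": ENDPOINT, "body": '{"topicurl": "otherAction"}'},
]

def scan(records):
    """Return (source, findings) for every record that produced at least one finding."""
    return [(r.get("src"), f) for r in records if (f := inspect(r))]

if __name__ == "__main__":
    for src, findings in scan(SAMPLE_LOG):
        print(src, findings)
```

Router access logs rarely include request bodies, so the records would normally come from a reverse proxy, IDS or packet capture placed in front of the management interface.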